Privacy Policy

Who I Am

This website (http://www.garethsouthwell.com) is owned and run by Gareth Southwell, a UK-based illustrator, writer and philosopher. Below follows a summary of my privacy and data collection policy. If, after reading this, you are still concerned or unsure about any aspect of how I treat your data, please contact me.

What personal data I collect and why I collect it

In compliance with GDPR, I try to ensure that I collect only the minimum user data necessary to maintain my business and run the site. I do not sell your data on to third parties, though some of the services I use may utilise some of your data for their own purposes (as set out in their own privacy policies – see the links provided in the relevant sections below). The data is collected in three main ways: directly, via the newsletter plugin; discreetly, via WordPress; and, for those who message me, through the Contact Form. Most of the discreet data is collected through ‘cookies’ – little files placed on your computer that log specific information about your visit. Sometimes these files are needed just to make the site work, but you can turn off some or all of these cookies through your browser (see how). Below follows more information on each of these data collection methods.

Newsletter

For those who sign up to my newsletter, I retain names and email addresses, and by signing up and confirming your subscription (‘double opt-in’), I asssume that you are happy for me to contact you regarding my artistic, philosophy related and writing work, and other related news as set out on the newsletter signup page. You can of course unsubscribe at any time. The software (‘plugin’) I use to send newsletters also provides anonymous information on user’s approximate geographical location (via your IP address), and how many have opened and clicked on links in each newsletter. To the best of my knowledge, that is all. I do not sell or pass any of this information on to third parties. Unsubscribers, and users who sign up but do not confirm their subscription via the follow-up email, are deleted each month (after a minimum of a month, but a maximum of two months). You can find out more about the data the plugin collects here.

Contact Form

If you contact me via the contact form (part of WordPress’s Jetpack plugin), the submission data (IP address, user agent, email address, site URL, and comment) is submitted to the Akismet service for spam checking. The actual submission data is stored in the database of the site is emailed directly to me. This email will include the submitter’s IP address, timestamp, name, email address, website, and message.

The IP address is included as an abuse prevention measure. And for sites using Akismet (the WordPress spam prevention checker), it is required for providing proper spam defence. Post and post meta data associated with a user’s contact form submission, the IP address and user agent originally submitted with the comment are all synced.

Regarding how long I keep your messages and contact details, please see the ‘How Long I Retain Your Data’ section below.

WordPress

I use WordPress to run this site, along with various third party plugins. As well as via the contact form, WordPress collects data in the following ways.

Comments

When visitors leave comments on the site, the data shown in the comments form is collected and stored, together with the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on the site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Finally, the cookie policy notice that occurs when you first visit the website stores a cookie recording users’ acceptance. This is stored for 1 week.

To use your browser settings to manage what data is collected through cookies, see the instructions here.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

By default, WordPress does not collect any analytics data, and I do not use Google Analytics or any other tracking method.

Who I share your data with

By default WordPress does not share any personal data with anyone. I also do not sell or pass your personal data on to any third parties.

How long I retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so WordPress can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on the website (if any), the site also stores the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

While you are subscribed, I retain your email address and name to send you newsletters. Unsubscribers, and users who sign up but do not confirm their subscription via the follow-up email, are deleted each month (after a minimum of a month, but a maximum of two months).

If you contact me for work purposes via the contact form or email me, I retain some email addresses, names and messages as part of my core business practice (e.g. for tax and record keeping purposes). I will NOT automatically add you to a newsletter or mailing list, and will only contact you in relation to your initial enquiry. I perform a yearly data audit, and delete all emails older than 6 years (relating to paid work, sales, etc), and a maximum of 2 years (for all other work-related correspondence not resulting in paid work). The exception to this regards certain communications that relate to licensing or contracts that are still in effect (in case of any need to reference the original negotiation or agreement), which are kept while the contract/licence is still in force (which, in some cases, may be indefinitely).

Regarding correspondence with prospective clients relating to marketing, I keep a spreadsheet of those individuals I have contacted (their names, email addresses, job role and employer), together with any response, and my own notes relating to that. Where those contacted have expressed a preference not to be contacted again, or the contact proves unsuitable for other reasons, then I keep the contact information, response and my own notes relating to the contact indefinitely so as to know not to contact them again.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to me. You can also request that I erase any personal data the site holds about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Where I send your data

Visitor comments may be checked through an automated spam detection service.

More About WordPress

You can find a complete breakdown of the data WordPress collectshere, and the specific cookies it uses here.

How I protect your data

All data held on the web site is hosted by Shiny Internet on password protected servers (for more information on their privacy and data protection policy, please contact them through their website). Any personal data held on my work computer is password protected.

Still not sure? Contact me…

If you are still concerned or unsure about any aspect of how I treat your data, please contact me using the contact form.